# /impersonate - Start impersonation (permission-based access)

**POST /impersonate**

Allows users with `impersonate:users` permission (Super Admin role) or Owner organization role
to impersonate another user, but only if that user has active consent enabled.
The impersonation token duration will match the user's consent settings.



## Servers
- Backend API server (port 8080): https://api.your-domain.com/api (Backend API server (port 8080))
- Collect API server (port 8081): https://collect.your-domain.com/api (Collect API server (port 8081))


## Authentication methods
- Bearer auth


## Parameters



### Body: application/json (object)

- **user_id** (string)
  Logto ID of the user to impersonate


## Responses
### 200
Impersonation started successfully

#### Body: application/json (object)
- **code** (integer)

- **message** (string)

- **data** (object)


### 400
Bad request (cannot impersonate yourself, user not found, etc.)

#### Body: application/json (object)
- **code** (integer)
  HTTP error code
- **message** (string)
  Error message
- **data** (object)


### 403
Forbidden (insufficient permissions for impersonation, or already impersonating)

#### Body: application/json (object)
- **code** (integer)
  HTTP error code
- **message** (string)
  Error message
- **data** (object)


### 401
Unauthorized - invalid or missing token

#### Body: application/json (object)
- **code** (integer)

- **message** (string)

- **data** (object | null)



[Powered by Bump.sh](https://bump.sh)